Zoho Corporation ManageEngine Exchange Reporter Plus 5.7 5702
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*
part: a version: 5.7 update: 5702
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Exchange Reporter Plus (9fa4b748-92d7-5237-a864-78c4be422321) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7633 |
vulnerable | 2026-06-03 15:13:40.620460 |
Stored XSS
HIGH (7.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
Published: 2025-11-11T10:32:01.920Z
Updated: 2026-02-26T16:57:58.978Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7632 |
vulnerable | 2026-06-03 15:13:40.593474 |
Stored XSS
HIGH (7.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
Published: 2025-11-11T10:29:44.881Z
Updated: 2026-02-26T16:57:59.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7430 |
vulnerable | 2026-06-03 15:12:31.250570 |
Stored XSS
HIGH (7.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
Published: 2025-11-11T10:24:11.018Z
Updated: 2026-02-26T16:57:59.721Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7429 |
vulnerable | 2026-06-03 15:12:31.235396 |
Stored XSS
HIGH (7.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
Published: 2025-11-11T07:40:26.374Z
Updated: 2026-02-26T16:58:00.376Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5966 |
vulnerable | 2026-06-03 15:07:55.151026 |
Stored XSS
HIGH (8.1)
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.
Published: 2025-06-26T12:22:10.367Z
Updated: 2025-06-26T12:54:07.728Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5366 |
vulnerable | 2026-06-03 15:06:27.671479 |
Stored XSS
HIGH (8.1)
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
Published: 2025-06-26T12:21:02.567Z
Updated: 2025-06-26T12:54:40.737Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5347 |
vulnerable | 2026-06-03 15:06:27.615822 |
Stored XSS
MEDIUM (6.3)
Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
Published: 2025-10-30T14:31:51.240Z
Updated: 2025-10-30T14:46:50.399Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5343 |
vulnerable | 2026-06-03 15:06:27.606393 |
Stored XSS
MEDIUM (6.3)
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.
Published: 2025-10-30T14:28:20.681Z
Updated: 2025-10-30T14:46:41.725Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5342 |
vulnerable | 2026-06-03 15:06:27.593293 |
Denial of Service (DoS)
MEDIUM (4.3)
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.
Published: 2025-10-30T14:20:53.989Z
Updated: 2025-10-30T14:46:13.685Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3835 |
vulnerable | 2026-06-03 15:01:05.740427 |
Remote Code Execution
CRITICAL (9.6)
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
Published: 2025-06-09T10:29:18.379Z
Updated: 2026-02-26T17:51:06.541Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9459 |
vulnerable | 2026-06-03 14:58:21.530745 |
SQL Injection
HIGH (8.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
Published: 2024-11-05T05:44:57.368Z
Updated: 2024-11-05T16:24:05.731Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6204 |
vulnerable | 2026-06-03 14:58:02.183813 |
SQL injection
HIGH (8.3)
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
Published: 2024-08-30T17:10:07.783Z
Updated: 2024-08-30T18:05:36.513Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38872 |
vulnerable | 2026-06-03 14:56:19.945610 |
SQL Injection
HIGH (8.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
Published: 2024-07-26T17:30:23.932Z
Updated: 2024-08-02T04:19:20.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38871 |
vulnerable | 2026-06-03 14:56:19.936143 |
SQL Injection
HIGH (8.3)
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
Published: 2024-07-26T17:29:42.911Z
Updated: 2024-08-02T04:19:20.491Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21775 |
vulnerable | 2026-06-03 14:54:50.703014 |
SQL Injection
HIGH (8.3)
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
Published: 2024-02-16T14:35:11.451Z
Updated: 2024-08-21T14:44:14.705Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6105 |
vulnerable | 2026-06-03 14:53:50.405899 |
ManageEngine Information Disclosure in Multiple Products
MEDIUM (5.5)
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
Published: 2023-11-15T20:57:47.981Z
Updated: 2025-02-13T17:26:03.759Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35785 |
vulnerable | 2026-06-03 14:52:18.761636 |
Details available
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
Published: 2023-08-28T00:00:00.000Z
Updated: 2024-08-02T16:30:45.335Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22624 |
vulnerable | 2026-06-03 14:49:19.708221 |
Details available
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
Published: 2023-01-17T00:00:00.000Z
Updated: 2025-04-04T17:40:54.319Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.